0083 XLS-83d: Passkey Signature Support #236
Replies: 5 comments 10 replies
-
|
Beta Was this translation helpful? Give feedback.
-
|
Beta Was this translation helpful? Give feedback.
-
I'm curious how this makes it more convenient for users if they still have to store a private key? I'm also curious as to the term unphishable and how it applies here. My keypair, while it could sign other things doesnt really work anywhere else. So is this really a selling point? I do see the idea that they are device specific but also see passkey "syncing" so I'm a bit confused. I'm also extremely concerned with the idea that some are suggesting sharing the keystore between devices. Wow. How is this different or more secure then just storing the private key in the hardware keystore on the mobile device and accessing through biometrics? |
Beta Was this translation helpful? Give feedback.
-
|
Beta Was this translation helpful? Give feedback.
-
We can only disable the master key if RegulayKey or Multisig (SignerList) is set, but will PasskeyList be added to these? |
Beta Was this translation helpful? Give feedback.
-
Proposes adding passkey (WebAuthn) support into the XRP Ledger protocol for enhanced security and user experience.
Abstract
This proposal introduces passkey support to the XRP Ledger by adding the ability to verify signatures created as part of a WebAuthn authentication flow. By allowing users to utilize passkeys for transaction authorization, the XRP Ledger can enhance security, improve user experience, and encourage wider adoption through the use of phishing-resistant authentication.
Motivation
As the XRP Ledger continues to grow, there is a need to improve security and user experience for account access and transaction authorization. Traditional key generation and management can be complex and insecure for end-users, leading to potential loss of funds due to mishandling of secret keys or falling victim to phishing attacks. By integrating passkey support using WebAuthn standards, users can leverage device-bound or syncable credentials (passkeys) for secure, convenient, and phishing-resistant authentication.
Specification
This specification focuses on the ability to handle the signature structure and data fields required by passkey authentication. A separate spec, XLS-84d: Support for ES256 on the P-256 curve in Passkey Signatures, covers cryptographic algorithm support.
Overview
This specification proposes the addition of passkey support to the XRP Ledger by:
Simplified Passkey Signature Implementation
Rationale
Unlike most WebAuthn use cases, the XRP Ledger is a public, permissionless blockchain where security relies on cryptographic signatures proving that a transaction is authorized. To securely integrate passkey (WebAuthn) support into the XRP Ledger, it's essential to align with the WebAuthn specification. This requires including necessary data structures—
AuthenticatorData
,ClientDataJSON
, andPasskeyID
—in transactions. These components ensure that signatures produced by passkeys can be properly verified, maintaining the security and integrity of the ledger.Transaction Format Modifications
Transactions signed using a passkey MUST include the following fields:
SigningPubKey
: The public key associated with the passkey credential.PasskeySignature
: An object containing the signature and related data necessary for verification.TxnSignature
: This field MUST be set to an empty string or omitted when usingPasskeySignature
.New Field:
PasskeySignature
The
PasskeySignature
field is an object containing the following subfields:PasskeyID
string
Blob
AuthenticatorData
string
Blob
ClientDataJSON
string
Blob
Signature
string
Blob
Algorithm
number
Int32
PasskeyID
: The identifier of the credential used for signing, as provided by the authenticator.AuthenticatorData
: The raw bytes of the authenticator data returned during the signing process. It contains information from the authenticator about processing a credential creation or authentication request.ClientDataJSON
: The JSON-serialized client data used during the signing process.Signature
: The digital signature produced by the authenticator. The signature signsauthenticatorData + SHA256(clientDataJSON)
. The authenticatorData contains a "counter" that increases each time the credential key is used to authenticate.Algorithm
: An integer indicating the cryptographic algorithm used by the credential, specified using COSE algorithm identifiers per the WebAuthn specification.Transaction Fields Summary
TransactionType
string
UInt16
Account
string
AccountID
SigningPubKey
string
Blob
PasskeySignature
object
Object
TxnSignature
PasskeySignature
is presentstring
VariableLength
Sequence
number
UInt32
Fee
string
Amount
...
Passkey Registration and Management
New Ledger Entry:
PasskeyList
The
PasskeyList
ledger entry represents a list of registered passkey credentials associated with an account.Fields
LedgerEntryType
string
UInt16
Account
string
AccountID
Passkeys
array
Array
Passkeys Array Elements
Each element in the
Passkeys
array represents a registered passkey credential:PasskeyID
string
Blob
PublicKey
string
Blob
SignCount
number
UInt32
Algorithm
number
Int32
Algorithm
: An integer indicating the cryptographic algorithm used by the credential, specified using COSE algorithm identifiers per the WebAuthn specification.New Transaction Type:
SetPasskeyList
The
SetPasskeyList
transaction allows an account owner to add or remove passkey credentials from theirPasskeyList
.Fields
TransactionType
string
UInt16
Account
string
AccountID
PasskeyActions
array
Array
Fee
string
Amount
Sequence
number
UInt32
SigningPubKey
string
Blob
TxnSignature
string
Blob
PasskeyActions Array Elements
Each element specifies an action to add or remove a passkey credential:
Action
string
UInt8
PasskeyID
string
Blob
PublicKey
Action
is"add"
string
Blob
SignCount
Action
is"add"
number
UInt32
Algorithm
Action
is"add"
number
Int32
Action
: MUST be either"add"
or"remove"
.Account Deletion
The
PasskeyList
object is a deletion blocker. An account cannot be deleted if it has aPasskeyList
associated with it. To delete the account, thePasskeyList
must first be removed by removing all passkey credentials using theSetPasskeyList
transaction.Processing Rules
Action
is"add"
, the transaction MUST add the provided passkey credential to the account'sPasskeyList
.Action
is"remove"
, the transaction MUST remove the specified credential from thePasskeyList
.SetPasskeyList
transaction MUST be signed using the account's master key or an existing authorized signer.Transaction Signing with Passkeys
Modifications to Transaction Validation
When a transaction containing a
PasskeySignature
is submitted, the server MUST perform the following steps:Credential Lookup: Verify that the
PasskeyID
inPasskeySignature
corresponds to a registered credential in the account'sPasskeyList
.Extract Algorithm: Retrieve the
Algorithm
associated with thePasskeyID
from thePasskeyList
.Reconstruct Client Data Hash: Compute the SHA-256 hash of the
ClientDataJSON
.Construct Signed Data: Concatenate
AuthenticatorData
and theClientDataHash
.Verify Signature.
Signature Verification: Use the selected algorithm to verify the
Signature
over the concatenated signed data (AuthenticatorData || SHA-256(ClientDataJSON)
) using thePublicKey
.Failure Handling: If the algorithm is unsupported or the verification fails, the transaction MUST fail with a
temBAD_SIGNATURE
error.Validate Challenge: Ensure that the
challenge
in theClientDataJSON
matches the expected value (the SHA-256 hash of the serialized transaction blob, excluding theTxnSignature
andPasskeySignature
fields).Prevent Replay Attacks: Compare the
SignCount
fromAuthenticatorData
with the storedSignCount
for the credential. TheSignCount
MUST be greater than the stored value. Update the storedSignCount
with the new value.Validate Origin (Optional): Servers MAY verify that the
origin
inClientDataJSON
matches an expected value to enhance security.Signature Verification Process
The verification MUST follow the WebAuthn Level 2 specification for verifying an authentication assertion. The transaction hash is used as the
challenge
in theClientDataJSON
, binding the signature to the specific transaction.Transaction Signing Process
Transaction Preparation: The client prepares the transaction as usual, excluding the
TxnSignature
field.Generate Challenge: Compute the SHA-256 hash of the serialized transaction blob (excluding the
TxnSignature
andPasskeySignature
fields) to be used as thechallenge
in the WebAuthn authentication flow.Invoke WebAuthn API: Use the WebAuthn API (
navigator.credentials.get
) with appropriate parameters, including thechallenge
, to obtain an assertion (AuthenticatorAssertionResponse
).Construct
PasskeySignature
: Extract theAuthenticatorData
,ClientDataJSON
,Signature
, andPasskeyID
from the assertion and include them in thePasskeySignature
field. Include theAlgorithm
if necessary.Submit Transaction: Send the transaction with the
PasskeySignature
field to the XRP Ledger.Supporting Passkey Signatures in Multi-Signature Transactions
Modifying the
Signers.Signer
ObjectTo support passkey signatures in multi-signature transactions, the
Signers.Signer
object is modified to include thePasskeySignature
field, allowing signers to provide a passkey signature instead of a traditionalTxnSignature
.Updated
Signers.Signer
Fields:Account
string
AccountID
SigningPubKey
string
Blob
TxnSignature
PasskeySignature
is omittedstring
Blob
PasskeySignature
TxnSignature
is omittedobject
Object
Note: Exactly one of
TxnSignature
orPasskeySignature
MUST be present in eachSigner
object.Multi-Signature Transaction Signing Process with Passkeys
Transaction Preparation:
Signers
array containing one or moreSigner
objects.Signer
object represents a signer that contributes a signature to the transaction.Signing with Passkeys:
PasskeySignature
field within theSigner
object instead ofTxnSignature
.Signing with Traditional Signatures:
TxnSignature
field within theSigner
object.Combined Signature List:
Signers
array may contain a mix of signers usingTxnSignature
and signers usingPasskeySignature
.Modifications to Transaction Validation for Multi-Signature Transactions
When validating a multi-signature transaction that includes passkey signatures, the server MUST perform the following steps for each
Signer
in theSigners
array:Verify
Signer
Structure:TxnSignature
orPasskeySignature
is present.Signature Verification:
TxnSignature
is present:PasskeySignature
is present:Check Signing Permissions:
SignerList
associated with the account.Passkey Signature Verification Steps in Multi-Signature Context
For each
Signer
using a passkey signature:Credential Lookup:
PasskeyID
corresponds to a registered credential in the account'sPasskeyList
.Extract Algorithm:
Algorithm
associated with thePasskeyID
from thePasskeyList
.Compute Client Data Hash:
ClientDataJSON
.Construct Signed Data:
AuthenticatorData
and theClientDataHash
.Verify Signature:
Signature
over the concatenated signed data using thePublicKey
.Validate Challenge:
challenge
inClientDataJSON
matches the hash of the multi-signature transaction blob.Prevent Replay Attacks:
SignCount
fromAuthenticatorData
is greater than the storedSignCount
and update it.Check Signing Permissions:
SignerList
and contributes towards the quorum.Example
Signers
Array with Passkey SignaturesError Handling
Invalid
Signer
Structure:TxnSignature
andPasskeySignature
are present, or if neither is present, the transaction MUST fail with atemMALFORMED
error.Signature Verification Failure:
temBAD_SIGNATURE
error.Unauthorized Signer:
SignerList
, the transaction MUST fail with atefBAD_AUTH_MASTER
error.Modifications to RPC Methods
Modifying the
account_objects
RPC RequestTo allow clients to retrieve passkey-related ledger objects, the
account_objects
RPC request is modified to include apasskey
option in thetype
field.Updated
account_objects
Request Fieldsaccount
string
type
string
passkey
.Example Request
Response Modification
When the
type
field is set topasskey
, the response MUST include onlyPasskeyList
ledger objects associated with the specified account.Example Response
Account Setup for Passkey Authentication
Credential Registration: Accounts MUST initialize their
PasskeyList
using theSetPasskeyList
transaction, adding desired passkey credentials along with their correspondingAlgorithm
(COSE algorithm identifier).Authorization: The initial
SetPasskeyList
transaction MUST be authorized using existing account credentials (e.g., master key or regular key).Multiple Credentials: Accounts MAY register multiple passkey credentials, potentially using different algorithms, to allow for backup devices or multiple users.
Algorithm Consistency: It is important that the
Algorithm
provided during registration matches the algorithm used by the authenticator for that credential. This ensures correct verification during transaction signing.Error Handling
Unregistered Credential: If the
PasskeyID
is not found in thePasskeyList
, the transaction MUST fail with atecNO_PERMISSION
error.Invalid Signature: If the signature verification fails, the transaction MUST fail with a
temINVALID_SIGNATURE
error.Unsupported Algorithm: If the
Algorithm
is not supported by the verifier, the transaction MUST fail with atemBAD_SIGNATURE
error.Algorithm Mismatch: If the algorithm used in the signature does not match the
Algorithm
specified in thePasskeyList
, the transaction MUST fail with atemBAD_SIGNATURE
error.Invalid Challenge: If the
challenge
in theClientDataJSON
does not match the expected value (transaction hash), the transaction MUST fail with atemBAD_SIGNATURE
error.Compliance with WebAuthn Specification
Algorithm Specification: By using COSE algorithm identifiers for the
Algorithm
field, the XRPL implementation aligns with the WebAuthn specification.Consistency in Verification: This ensures that the verification process can accurately select and apply the correct cryptographic algorithm, as the authenticator and the verifier agree on the algorithm used.
Reference: See the WebAuthn Level 2 Specification, Sections 5.10.3 (
PublicKeyCredentialParameters
) and 6.2 (Generating an Authentication Assertion
), for details on how algorithms are specified and used.Handling Different Cryptographic Algorithms
Please see: XLS-84d: Support for ES256 on the P-256 curve in Passkey Signatures
Beta Was this translation helpful? Give feedback.
All reactions